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DETAILED ACTION 



1. 



Claims 1-51 are pending. 



Claim Rejections - 35 USC § 112 



2. 



Amendments to the claims overcome the previous 112 rejections. 



Response to Arguments 



3. 



Applicant's arguments filed October 30, 2006 have been fully considered but they are not 



persuasive. 



With regard to Applicant's arguments that Gryaznov fails to teach dividing an on-access 
malware scan into a plurality of tasks and a malware scanning task being one of a plurality of 
malware scanning tasks that are each part of an on-access malware scan, Examiner respectfully 
disagrees. Gryaznov discloses a virus scan that scans news messages for viruses. In order to 
complete the scan of the news messages, the virus scan is divided up into multiple tasks, these 
tasks consist of individual partitioned virus scans, where each virus scan is responsible for 
scanning a portion of the news messages where the scanning occurs in parallel (5:46-6:13). 

With regard to Applicant's argument that Gryanzov fails to suggest issuing a plurality of 
tasks to be performed by a plurality of different computers, the Examiner respectfully disagrees. 
Gryaznov discloses the various tasks of virus scanning different partitions of the news messages 
occurring concurrently on a plurality of partition servers which constitute a plurality of different 
computers (6:1-13). 



Application/Control Number: 09/91 1,765 Page 3 

Art Unit: 2132 

With regard to Applicant's argument that Gryaznov fails to disclose a plurality of 
malware scanning task results corresponding to a plurality of malware scanning tasks being 
collated to form a scan result corresponding to said on-access malware scan, Examiner 
respectfully disagrees. Gryaznov discloses each virus scanner, upon discovering any infected 
file, sending warning messages to a list of specified addressees, including the administrator for 
the virus scanners. Therefore, the results of each task, which consists of the partitioned virus 
scan, are collated at the administrator for all the virus scanners since the administrator receives 
all results in the form of warning messages (7:36-45). 

With regard to Applicant's argument that Gartside fails to teach not further dividing an 
on-access malware scan if the malware scan is detected as having a complexity below a 
predetermined threshold level, Examiner respectfully disagrees. Gartside discloses a complexity 
level based on pre-compressed archive size, number of files within the archive and number of 
file types. If the levels of these factors are below a predetermined threshold then the overall 
complexity of the scan is below a certain threshold level and thus, the scan is not further divided 
beyond scanning for an excessive pre-compressed archive size, number of files with the 
and number of file types (6:25-64). 

Allowable Subject Matter 

4. Claims 48 and 49 allowed. 
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scaamers are identifying properties of a computer file since they are identifying viruses whi^are 
properties of the computer file that they are infecting). 
As pfcr claims 8, 23 and 38: 

Giyaznov aldoses a computer program product wherein the onp^r more tasks are 
further divided into subH^sks (5:46-67, fig. 4a-4c, wherein the seqtience of process steps are /he 
tasks, which are the multiple virus scans into sub-tasks wjjifli are the processing steps that epch 
virus scan is broken down into). 

As per claims 12, 27, 42 and 50: 

Gryaznov discloses a compute^prograii^oduct wherein the result collating logic 
terminates any outstanding tas^nf a task result is recced indicating detection of malware 
within said computer file^7:36-45). 

As.per claipol: 

Grya^fov discloses a computer program product wherein saictalurality of tasks are 
distributed among said plurality of different computers via network (6:1-1: 



Claim Rejections - 35 USC § 103 

7. Claims 2-4, 9-11, 14, 17-19, 24-26, 29, 32-34, 39-41, 44 and 46-47 rejected under 35 
U.S.C. 103(a) as being unpatentable over Gryaznov (U.S. 6,748,534) as applied to claims 1, 7, 
13, 16, 22, 28, 31, 37 and 43 above, and further in view of Gartside, U.S. Patent No. 6,851,058. 
As: per claims 2-4, 14, 17-19, 29, 32-34 and 44: 

Gryaznov fails to teach computer files being divided into component files that contain 
embedded computer files to also be component computer files wherein the computer file is one 
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of a given list of types. However, Gartside discloses a method wherein a computer file is an 
archive file and the archive file is broken down into its component files which are further broken 
down if embedded files exist in order to be scanned (3:36-50 wherein the files are extracted from 
the archive and are thus divided out from the file and if one of the files is thus embedded and is 
an archive, it is extracted for scan, therefore the computer file is divided into component 
computer files to be separately scanned, 4:39-48, 1:53-63). 
As per claims 9-11, 24-26 and 39-41 and 46-47: 

Gryaznov fails to teach where a task is selected to be issued to another computer in 
dependence upon one of a variety of reasons and the scan dividing logic does not divide the scan 
if the scan is detected as having a complexity below a predetermined threshold level and where 
the complexity is determined as a function of one of more of a list. However, Gartside discloses 
an archive, file not being divided if it is below a certain complexity level (6:1 7-65) wherein the 
complexity level is determined as a function of the archive file (6:17-65), and a scan being 
selected to happen depends upon the storage space available (4:61-5:6). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to combine the distributed scanning invention of Gryaznov with the archive scanning 
of Gartside because if the news database contained files with embedded files they could utilize a 
severe amount of processing power and memory space in order to scan through all of them 
(Gartside, 1 :64-2:6). Therefore, the division of the embedded archive files would allow the news 
database to provide the processing and bandwidth throughput required by a growing dataset 
(Gryaznov, 2:33-40). 
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8. Claims 6, 21 and 36 rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gryaznov as applied to claims 1 and 5 above, and further in view of Ranger et al. (Ranger), U.S. 
Patent No. 6,393,568. 

As per claims 6, 21 and 36: 

Gryaznov fails to teach the plurality of tasks seeking to identify different portion of one 
of a cryptographic analysis and an emulation analysis. However, Ranger discloses a method 
wherein a virus scans employs a cryptographic analysis in order to determine whether any 
unsolicited content is present within an encrypted file (2:25-46). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to utilize the invention of Ranger in combination with the invention of Gryaznov in 
order to detect viruses in encrypted news threads and thus increase the ability of the virus 
scanners to locate computer viruses in not only embedded computer files but also encrypted 
ones. 



Allowable Subject Matter 
9. Claims 4$ s ai^i49 objected to as being dependent upon a rejected*b£se claim, but would 
be allowable if rewritten in lildqDendent form including all gttfie limitations of the base claim 
and any intervening claims. 




Any inquiry concerning ^^communication or earlier cornhnimcations from the 
examiner should be direcjerfto Kristin Derwich whose telephone number 18^*1^272-7958. The 
examiner can noirodly be reached on Monday - Friday, 8:00-5:30. 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kristin D. Sandoval whose telephone number is 571-272-7958. 
The examiner can normally be reached on Monday - Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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